[MEV.spdx.txt](https://github.com/user-attachments/files/19091266/MEV.spdx.txt) ``` pyspdxtools -i MEV.spdx ``` gives no error, so the SPDX SBOM is valid. However, as there is no `FilesAnalyzed`, it defaults to true so `PackageVerificationCode` is mandatory. So the SBOM should be flagged as invalid. See also: https://github.com/spdx/tools-java/issues/188
MEV.spdx.txt
gives no error, so the SPDX SBOM is valid.
However, as there is no
FilesAnalyzed, it defaults to true soPackageVerificationCodeis mandatory.So the SBOM should be flagged as invalid.
See also: spdx/tools-java#188